CNNVD-202602-820 Information

Feb 05, 2026 cve

CNNVD ID

CNNVD-202602-820

CVE-2020-37148

  • CNNVD Published: 2026-02-05

Description (Chinese)

P5 FNIP-8x16A和P5 FNIP-4xSH都是英国P5公司的一款以太网继电器控制器。 P5 FNIP-8x16A和P5 FNIP-4xSH版本和1.0.11版本存在跨站脚本漏洞,该漏洞源于对多个GET/POST参数输入清理不当,可能导致存储型跨站脚本攻击。

Description (English)

P5 FNIP-8x16A and P5 FNIP-4xSH are all Ethernet relay controllers of the British company P5. P5 FNIP-8x16A and P5 FNIP-4xSH versions and Version 1.0.11 have cross-site script holes, which stem from inadequate clean-up of multiple GET/POST parameters and may result in storage-type cross-site script attacks.

Hazard Level

Critical

Vulnerability Type

跨站脚本

Affected Vendor

P5

Published

2026-02-05

Last Modified

2026-02-24

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/176993 https://packetstormsecurity.com/files/156170/P5-FNIP-8x16A-FNIP-4xSH-1.0.20-CSRF-XSS.html https://www.exploit-db.com/exploits/48362 https://www.p5.hu/ https://www.vulncheck.com/advisories/p-fnip-xafnip-xsh-stored-cross-site-scripting-xss https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5564.php

Share on: